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This listing of claims replaces all prior versions, and 
listings of claims in the instant application: 

Listing of Claims: 

1. (Currently Amended) A method for digital content 
access control, comprising: 

receiving, by a content provisioner, a digital 
content request from a n end- user device, said digital 
content request comprising a request for digital 
content ; 

creating, by said content provisioner following 
said receiving , an authenticated digital content 
request if a n end- user associated with said digital 
content request is authorized to access said digital 
content ; 

determining, by said content provisioner following 
said receiving and in said creating , one or more 
delivery parameters, said one or more delivery 
parameters identifying a target device to receive said 
digital content wherein said one or more delivery 
parameters is used to determine said target device; and 

sending, by said content provisioner to said end- 
user device , said authenticated digital content request 
including said one or more delivery parameters. 
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2. (Original) The method of claim 1 wherein 

said digital content request comprises a Universal 
Resource Locator (URL) ; 

said authenticated digital content request 
comprises a tokenized URL; and 

said creating further comprises: 

determining a token pool associated with said 
digital content; 

determining a token in said token pool; and 
creating a tokenized URL based at least in 
part on said token. 
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3. (Original) The method of claim 2 wherein said 
tokenized URL further comprises a cryptogram based at least 
in part on an identifier that describes the location of said 
digital content. 

4. (Original) The method of claim 2 wherein said 
token is from a token pool associated with the location of 
digital content for which access is authorized. 

5. (Previously Presented) The method of claim 1, 
further comprising synchronizing said content provisioner 
with a content repository if synchronization is enabled. 

6. (Original) The method of claim 1 wherein said one 
or more delivery parameters comprises a serial number 
uniquely identifying said target device. 

7. (Original) The method of claim 1 wherein said one 
or more delivery parameters comprises a master key indicator 
for use in decrypting an encrypted form of said digital 
content . 



8. (Original) The method of claim 1 wherein said one 
or more delivery parameters comprises a key derivation 
process indicator for use in deriving a cryptographic key 
for decrypting an encrypted form of said digital content. 

9. (Original) The method of claim 1 wherein said one 
or more delivery parameters comprises a cryptographic 
process indicator that specifies a cryptographic process 
supported by said target device. 
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10. (Currently Amended) A program storage device 
readable by a machine, embodying a program of instructions 
executable by the machine to perform a method for digital 
content access control, the method comprising: 

receiving, by a content provisioner, a digital 

content request from a n end- user device, said digital 
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content request comprising a request for digital 
content ; 

creating, by said content provisioner following 
said receiving , an authenticated digital content 
request if a n end- user associated with said digital 
content request is authorized to access said digital 
content; 

determining, by said content provisioner following 
said receiving and in said .creating , one or more 
delivery parameters, said one or more delivery 
parameters identifying a target device to receive said 
digital content wherein said one or more delivery 
parameters is used to determine said target device; and 

sending, by said content provisioner to said end- 
user device , said authenticated digital content request 
including said one or more delivery parameters. 

11. (Original) The program storage device of claim 10 
wherein 

said digital content request comprises a Universal 
Resource Locator (URL) ; 

said authenticated digital content request 
comprises a tokenized URL; and 

said creating further comprises: 

determining a token pool associated with said 

digital content; 

determining a token in said token pool; and 
creating a tokenized URL based at least in 

part on said token. 
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12. (Original) The program storage device of claim 11 
wherein said tokenized URL further comprises a cryptogram 
based at least in part on an identifier that describes the 
location of said digital content. 

13. (Original) The program storage device of claim 11 
wherein said token is from a token pool associated with the 
location of digital content for which access is authorized. 
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14. (Previously Presented) The program storage device 
of claim 10 wherein said method further comprises 
synchronizing said content provisioner with a content 
repository if synchronization is enabled. 

15. (Original) The program storage device of claim 10 
wherein said one or more delivery parameters comprises a 
serial number uniquely identifying said target device. 

16. (Original) The program storage device of claim 10 
wherein said one or more delivery parameters comprises a 
master key indicator for use in decrypting an encrypted form 
of said digital content. 

17. (Original) The program storage device of claim 10 
wherein said one or more delivery parameters comprises a key 
derivation process indicator for use in deriving a 
cryptographic key for decrypting an encrypted form of said 
digital content . 

18. (Original) The program storage device of claim 10 
wherein said one or more delivery parameters comprises a 
cryptographic process indicator that specifies a 
cryptographic process supported by said target device. 

19. (Currently Amended) An apparatus for digital 
content access control, comprising: 

means for receiving, by a content provisioner, a 
digital content request from a n end- user device, said 
digital content request comprising a request for 
digital content; 

means for creating, by said content provisioner 
following said receiving , an authenticated digital 
content request if a n end- user associated with said 
digital content request is authorized to access said 
digital content; 

means for determining, by said content provisioner 
following said receiving and in said creating , one or 
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more delivery parameters, said one or more delivery- 
parameters identifying a target device to receive said 
digital content wherein said one or more delivery 
parameters is used to determine said target device; and 

means for sending, by said content provisioner to 
said end-user device , said authenticated digital 
content request including said one or more delivery 
parameters . 

20. (Original) The apparatus of claim 19 wherein 
said digital content request comprises a Universal 

Resource Locator (URL) ; 

said authenticated digital content request 
comprises a tokenized URL; and 

said means for creating further comprises: 

means for determining a token pool associated 
with said digital content; 

means for determining a token in said token 
pool; and 

means for creating a tokenized URL based at 
least in part on said token. 

21. (Original) The apparatus of claim 20 wherein said 
tokenized URL further comprises a cryptogram based at least 
in part on an identifier that describes the location of said 
digital content. 

22. (Original) The apparatus of claim 20 wherein said 
token is from a token pool associated with the location of 
digital content for which access is authorized. 



GUNNISON, Me KAY & 

HODGSON, L.LF. 
Garden West Office Plaza 
1900 Garden Road. Suite 220 
Monterey. CA 93 WO 

(331)655-0350 
Fa* (331)655*0533 



23. (Previously Presented) The apparatus of claim 19, 
further comprising means for synchronizing said content 
provisioner with a content repository if synchronization is 
enabled. 
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24. (Original) The apparatus of claim 19 wherein said 
one or more delivery parameters comprises a serial number 
uniquely identifying said target device. 

25. (Original) The apparatus of claim 19 wherein said 
one or more delivery parameters comprises a master key 
indicator for use in decrypting an encrypted form of said 
digital content. 

26. (Original) The apparatus of claim 19 wherein said 
one or more delivery parameters comprises a key derivation 
process indicator for use in deriving a cryptographic key 
for decrypting an encrypted form of said digital content. 

27. (Original) The apparatus of claim 19 wherein said 
one or more delivery parameters comprises a cryptographic 
process indicator that specifies a cryptographic process 
supported by said target device. 

28. (Currently Amended) An apparatus for digital 
content access control, the apparatus comprising: 

a memory for storing provisioning information for 
use in creating an authenticated digital content 
request that is based at least in part on a digital 
content request comprising a request for digital 
content; and 



a content provisioner configured to: 

receive a digital content request from an 
end- user device, said digital content request 
comprising a request for digital content; 

create , following said receiving , an 
authenticated digital content request if a n end- 
user associated with said digital content request 
is authorized to access said digital content; 



GUNNISON, McKAY & 

HODGSON, L.L.P. 
Garden West Office Plaza 
1900 Garden Road. Strile 220 
Momerey.CA 93 WO 

(831)655-0580 
Fax (331)655-0333 



determine , following said receiving and in 
said creating , one or more delivery parameters, 
said one or more delivery parameters identifying a 
target device to receive said digital content 
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wherein said one or more delivery parameters is 
used to determine said target device; and 

send said authenticated digital content 
request including said one or more delivery- 
parameters . 



29. (Previously Presented) The apparatus of claim 28 
wherein said apparatus is further configured to synchronize 
with a content repository if synchronization is enabled. 

30. (Previously Presented) The apparatus of claim 28 
wherein 

said digital content request comprises a Universal 
Resource Locator (URL) ; 

said authenticated digital content request 
comprises a tokenized URL; and 

said content provisioner is further configured to: 
determine a token pool associated with said 

digital content; 

determine a token in said token pool; and 
create a tokenized URL based at least in part 

on said token. 

31. (Original) The apparatus of claim 30 wherein said 
tokenized URL further comprises a cryptogram based at least 
in part on an identifier that describes the location of said 
digital content. 

32. (Original) The apparatus of claim 30 wherein said 
token is from a token pool associated with the location of 
digital content for which access is authorized. 
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33. (Currently Amended) A method for digital content 
access control, comprising: 

receiving, by a content repository, an 
authenticated digital content request, including one or 
more delivery parameters wherein said one or more 
delivery parameters is used to determine a target 



Page 8 of 31 



Appl. No. 10/669,160 
Amdt. dated April 1, 2008 

Reply to Office Action of January 2, 2008 



device, from a n end- user device, said authenticated 
digital content request based at least in part on a 
digital content request comprising a request for 
digital content wherein said authenticated digital 
content request was generated by a content provisioner 
in response to said digital content request from said 
end- user device; 

validating, by said content repository, said 
authenticated digital content request, said validating 
comprising indicating said authenticated digital 
content request is valid if said authenticated digital 
content request is validly associated with said digital 
content and if said authenticated digital content 
request authenticates said digital content request; 

determining, by said content repository, a session 
key if said authenticated digital content request is 
valid, said determining comprising: 

determining a target key based at least in 
part on a target ID obtained using said one or 
more delivery parameters, said target ID 
identifying said target device; and 

applying a cryptographic process to a first 
key based at least in part on at least part of 
said authenticated digital content request 
together with said target key to create said 
session key; 

encrypting, by said content repository, said 
digital content using said session key; and 

sending, by said content repository, said 
encrypted digital content. 
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34. (Original) The method of claim 33 wherein said 
determining said target key comprises: 
determining a master key; and 

applying a cryptographic process to said target ID 
together with said master key to create said target 
key. 
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35. (Original) The method of claim 34 wherein said 
determining said master key is based at least in part on 
said one or more delivery parameters. 

36. (Previously Presented) The method of claim 33, 
further comprising synchronizing said content repository 
with said content provisioner if said synchronizing is 
enabled . 



37. (Original) The method of claim 33 wherein 

said digital content request comprises a Universal 
Resource Locator (URL) ; and 

said authenticated digital content request 
comprises a tokenized URL. 

38. (Original) The method of claim 33 wherein 
said tokenized URL further comprises a token 

comprising a cryptogram based at least in part on an 
identifier that describes the location of said digital 
content; and 

said at least part of said authenticated digital 
content request comprises said token. 

39. (Original) The method of claim 38 wherein said 
first key comprises a token key based at least in part on 
said token. 

40. (Original) The method of claim 38 wherein said 
token is from a token pool associated with the location of 
digital content for which access is authorized. 
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41. (Original) The method of claim 33 wherein said 
validating further comprises: 
receiving a token; 

indicating said token is invalid if said token is 
not found within a token pool associated with said 
digital content or if said token has been fully 
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redeemed, said token being fully redeemed if the number 
of token redemptions equals a predetermined amount; and 

incrementing a token redemption count associated 
with said token and indicating said token is valid if 
said token is found within said token pool and said 
token has not been fully redeemed. 

42. (Original) The method of claim 33 wherein said 
validating further comprises: 

receiving a token; 

indicating said token is invalid if said token is 
not associated with an partially redeemed or unredeemed 
offset within a token offset window, said token offset 
window comprising one or more offset entries identified 
by a base number and an offset from said base number, 
said one or more offset entries associated with a token 
in a token pool formed by applying a cryptographic 
process to the sum of said base number and said offset 
from said base number, together with a token chain key, 
said token pool associated with said digital content; . 
and 

updating the offset entry associated with said 
token and indicating said received token is valid if 
said token is associated with a partially redeemed 
offset or unredeemed offset within said token offset 
window. 

43. (Original) The method of claim 33 wherein said 
validating further comprises: 

receiving a token; 

indicating said token is invalid if said token is 
not found within a token pool associated with said 
digital content or if said token has been redeemed, 
said token pool formed from successive applications of 
a cryptographic one-way function; 

indicating said token is valid if said token is 
found within said token pool and said token has not 
been redeemed; and 
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invalidating tokens in said token chain that were 
generated after said received token. 



44. (Original) The method of claim 33 wherein said 
validating further comprises: 
receiving a token; 

indicating said token is invalid if said token is 
not found within a portion of a token pool comprising 
unredeemed tokens, said token pool formed from 
successive applications of a cryptographic one-way 
function; 

indicating said token is valid if said token is 
found within said token pool and said token has not 
been redeemed; and 

reordering tokens in said token pool after said 
indicating said token is valid, said reordering based 
at least in part on whether the tokens have been 
redeemed. 
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45. (Original) The method of claim 33 wherein said 
validating further comprises: 
receiving a token; 

initializing a current token to said received 
token; 

applying a cryptographic one-way function to said 
current token to create a result; 

assigning said result to said current token; 

repeating said applying until said current token 
matches a last redeemed token or until all tokens in 
said pool generated after said received token have been 
examined; 

indicating said token is valid if said current 
token matches said last redeemed token; and 

indicating said token is invalid if said current 
token does not match said last redeemed token and if 
all tokens in said pool generated after said received 
token have been examined. 
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46. (Original) The method of claim 33 wherein said 
one or more delivery parameters comprises a serial number 
uniquely identifying said target device. 

47. (Original) The method of claim 33 wherein said 
one or more delivery parameters comprises a master key 
indicator for use in decrypting an encrypted form of said 
digital content. 

48. (Original) The method of claim 33 wherein said 
one or more delivery parameters comprises a key derivation 
process indicator for use in deriving a cryptographic key 
for decrypting an encrypted form of said digital content. 

49. (Original) The method of claim 33 wherein said 
one or more delivery parameters comprises a cryptographic 
process indicator that specifies a cryptographic process 
supported by said target device. 
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50. (Currently Amended) A program storage device 
readable by a machine, embodying a program of instructions 
executable by the machine to perform a method for digital 
content access control, the method comprising: 

receiving, by a content repository, an 
authenticated digital content request, including one or 
more delivery parameters wherein said one or more 
delivery parameters is used to determine said target 
device, from a n end- user device, said authenticated 
digital content request based at least in part on a 
digital content request comprising a request for 
digital content wherein said authenticated digital 
content request was generated by a content provisioner 
in response to said digital content request from said 
end- user device; 

validating, by said content repository, said 
authenticated digital content request, said validating 
comprising indicating said authenticated digital 
content request is valid if said authenticated digital 
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content request is validly associated with said digital 
content and if said authenticated digital content 
request authenticates said digital content request; 

determining, by said content repository, a session 
key if said authenticated digital content request is 
valid, said determining comprising: 

determining a target key based at least in 
part on a target ID obtained using said one or 
more delivery parameters, said target ID 
identifying said target device; and 

applying a cryptographic process to a first 
key based at least in part on at least part of 
said authenticated digital content request 
together with said target key to create said 
session key; 

encrypting, by said content repository, said 
digital content using said session key; and 

sending, by said content repository, said 
encrypted digital content. 

51. (Original) The program storage device of claim 50 
wherein said determining said target key comprises: 

determining a master key; and 

applying a cryptographic process to said target ID 
together with said master key to create said target 
key. 

52. (Original) The program storage device of claim 51 
wherein said determining said master key is based at least 
in part on said one or more delivery parameters. 
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53. (Previously Presented) The program storage device 
of claim 50 wherein said method further comprises 
synchronizing said content repository with a content 
provisioner if said synchronizing is enabled. 



54 . 
wherein 



(Original) The program storage device of claim 50 
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said digital content request comprises a Universal 
Resource Locator (URL) ; and 

said authenticated digital content request 
comprises a tokenized URL. 

55. (Original) The program storage device of claim 54 
wherein 

said tokenized URL further comprises a token 
comprising a cryptogram based at least in part on an 
identifier that describes the location of said digital 
content; and 

said at least part of said authenticated digital 
content request comprises said token. 

56. (Original) The program storage device of claim 55 
wherein said first key comprises a token key based at least 
in part on said token. 

57. (Original) The program storage device of claim 55 
wherein said token is from a token pool associated with the 
location of digital content for which access is authorized. 
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58. (Original) The program storage device of claim 50 
wherein said validating further comprises: 

receiving a token; 

indicating said token is invalid if said token is 
not found within a token pool associated with said 
digital content or if said token has been fully 
redeemed, said token being fully redeemed if the number 
of token redemptions equals a predetermined amount; and 

incrementing a token redemption count associated 
with said token and indicating said token is valid if 
said token is found within said token pool and said 
token has not been fully redeemed. 

59. (Previously Presented) The program storage device 
of claim 50 wherein said validating further comprises: 

receiving a token; 
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indicating said token is invalid if said token is 
not associated with an partially redeemed or unredeemed 
offset within a token offset window, said token offset 
window comprising one or more offset entries identified 
by a base number and an offset from said base number, 
said one or more offset entries associated with a token 
in a token pool formed by applying a cryptographic 
process to the sum of said base number and said offset 
from said base number, together with a token chain key, 
said token pool associated with said digital content; 
and 

updating the offset entry associated with said 
token and indicating said received token is valid if 
said token is associated with a partially redeemed 
offset or unredeemed offset within said token offset 
window. 

60. (Original) The program storage device of claim 50 
wherein said validating further comprises: 

receiving a token; 

indicating said token is invalid if said token is 
not found within a token pool associated with said 
digital content or if said token has been redeemed, 
said token pool formed from successive applications of 
a cryptographic one-way function; 

indicating said token is valid if said token is 
found within said token pool and said token has not 
been redeemed; and 

invalidating tokens in said token chain that were 
generated after said received token. 

61. (Original) The program storage device of claim 50 
wherein said validating further comprises: 

receiving a token; 
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successive applications of a cryptographic one-way 
function; 

indicating said token is valid if said token is 
found within said token pool and said token has not 
been redeemed; and 

reordering tokens in said token pool after said 
indicating said token is valid, said reordering based 
at least in part on whether the tokens have been 
redeemed. 



62. (Original) The program storage device of claim 50 
wherein said validating further comprises: 
receiving a token; 

initializing a current token to said received 
token; 

applying a cryptographic one-way function to said 
current token to create a result; 

assigning said result to said current token; 

repeating said applying until said current token 
matches a last redeemed token or until all tokens in 
said pool generated after said received token have been 
examined; 

indicating said token is valid if said current 
token matches said last redeemed token; and 

indicating said token is invalid if said current 
token does not match said last redeemed token and if 
all tokens in said pool generated after said received 
token have been examined. 



63. (Original) The program storage device of claim 50 
wherein said one or more delivery parameters comprises a 
serial number uniquely identifying said target device. 
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64. (Original) The program storage device of claim 50 
wherein said one or more delivery parameters comprises a 
master key indicator for use in decrypting an encrypted form 
of said digital content. 
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65. (Original) The program storage device of claim 50 
wherein said one or more delivery parameters comprises a key 
derivation process indicator for use in deriving a 
cryptographic key for decrypting an encrypted form of said 
digital content. 

66. (Original) The program storage device of claim 50 
wherein said one or more delivery parameters comprises a 
cryptographic process indicator that specifies a 
cryptographic process supported by said target device. 
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67. (Currently Amended) An apparatus for digital 
content access control, comprising: 

means for receiving, by a content repository, an 
authenticated digital content request, including one or 
more delivery parameters wherein said one or more 
delivery parameters is used to determine a oaid target 
device, from a n end- user device, said authenticated 
digital content request based at least in part on a 
digital content request comprising a request for 
digital content wherein said authenticated digital 
content request was generated by a content provisioner 
in response to said digital content request from said 
end- user device; 

means for validating, by said content repository, 
said authenticated digital content request, said 
validating comprising indicating said authenticated 
digital content request is valid if said authenticated 
digital content request is validly associated with said 
digital content and if said authenticated digital 
content request authenticates said digital content 
request ; 

means for determining, by said content repository, 
a session key if said authenticated digital content 
request is valid, said means for determining 
comprising : 

means for determining a target key based at 
least in part on a target ID obtained using said 
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one or more delivery parameters, said target ID 
identifying said target device; and 

means for applying a cryptographic process to 
a first key based at least in part on at least 
part of said authenticated digital content request 
together with said target key to create said 
session key; 

means for encrypting, by said content repository, 
said digital content using said session key; and 

means for sending, by said content repository, 
said encrypted digital content. 

68. (Original) The apparatus of claim 67 wherein said 
means for determining said target key comprises: 

means for determining a master key; and 

means for applying a cryptographic process to said 

target ID together with said master key to create said 

target key. 

69. (Original) The apparatus of claim 68 wherein said 
determining said master key is based at least in part on 
said one or more delivery parameters. 

70. (Previously Presented) The apparatus of claim 67, 
further comprising means for synchronizing said content 
repository with a content provisioner if said synchronizing 
is enabled. 

71. (Original) The apparatus of claim 67 wherein 
said digital content request comprises a Universal 

Resource Locator (URL) ; and 

said authenticated digital content request 
comprises a tokenized URL. 
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72. (Original) The apparatus of claim 71 wherein 

said tokenized URL further comprises a token 
comprising a cryptogram based at least in part on an 
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identifier that describes the location of said digital 
content; and 

said at least part of said authenticated digital 
content request comprises said token. 

73. (Original) The apparatus of claim 72 wherein said 
first key comprises a token key based at least in part on 
said token. 

74. (Original) The apparatus of claim 72 wherein said 
token is from a token pool associated with the location of 
digital content for which access is authorized. 

75. (Original) The apparatus of claim 67 wherein said 
means for validating further comprises: 

means for receiving a token; 

means for indicating said token is invalid if said, 
token is not found within a token pool associated with 
said digital content or if said token has been fully 
redeemed, said token being fully redeemed if the number 
of token redemptions equals a predetermined amount; and 

means for incrementing a token redemption count 
associated with said token and indicating said token is 
valid if said token is found within said token pool and 
said token has not been fully redeemed. 
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76. (Original) The apparatus of claim 67 wherein said 
means for validating further comprises: 
means for receiving a token; 

means for indicating said token is invalid if said 
token is not associated with an partially redeemed or 
unredeemed offset within a token offset window, said 
token offset window comprising one or more offset 
entries identified by a base number and an offset from 
said base number, said one or more offset entries 
associated with a token in a token pool formed by 
applying a cryptographic process to the sum of said 
base number and said offset from said base number, 
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together with a token chain key, said token pool 
associated with said digital content; and 

means for updating the offset entry associated 
with said token and indicating said received token is 
valid if said token is associated with a partially 
redeemed offset or unredeemed offset within said token 
offset window. 

77. (Original) The apparatus of claim 67 wherein said 
means for validating further comprises: 
means for receiving a token; 

means for indicating said token is invalid if said 
token is not found within a token pool associated with 
said digital content or if said token has been 
redeemed, said token pool formed from successive 
applications of a cryptographic one-way function; 

means for indicating said token is valid if said 
token is found within said token pool and said token 
has not been redeemed; and 

means for invalidating tokens in said token chain 
that were generated after said received token. 
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78. (Original) The apparatus of claim 67 wherein said 
means for validating further comprises: 
means for receiving a token; 

means for indicating said token is invalid if said 
token is not found within a portion of a token pool 
comprising unredeemed tokens, said token pool formed 
from successive applications of a cryptographic one-way 
function; 

means for indicating said token is valid if said 
token is found within said token pool and said token 
has not been redeemed; and 

means for reordering tokens in said token pool 
after said indicating said token is valid, said 
reordering based at least in part on whether the tokens 
have been redeemed. 
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79. (Original) The apparatus of claim 67 wherein said 
means for validating further comprises: 

means for receiving a token; 

means for initializing a current token to said 
received token; 

means for applying a cryptographic one-way 
function to said current token to create a result; 

means for assigning said result to said current 
token; 

means for repeating said applying until said 
current token matches a last redeemed token or until 
all tokens in said pool generated after said received 
token have been examined; 

means for indicating said token is valid if said 
current token matches said last redeemed token; and 

means for indicating said token is invalid if said 
current token does not match said last redeemed token 
and if all tokens in said pool generated after said 
received token have been examined. 

80. (Original) The apparatus of claim 67 wherein said 
one or more delivery parameters comprises a serial number 
uniquely identifying said target device. 

81. (Original) The apparatus of claim 67 wherein said 
one or more delivery parameters comprises a master key 
indicator for use in decrypting an encrypted form of said 
digital content . 

82. (Original) The apparatus of claim 67 wherein said 
one or more delivery parameters comprises a key derivation 
process indicator for use in deriving a cryptographic key 
for decrypting an encrypted form of said digital content. 
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83. (Original) The apparatus of claim 67 wherein said 
one or more delivery parameters comprises a cryptographic 
process indicator that specifies a cryptographic process 
supported by said target device. 
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84. (Currently Amended) An apparatus for digital 
content access control, the apparatus comprising: 
a content repository comprising: 

a memory for storing said digital content; 

and 

a processor configured to: 

receive , from an end-user device, an 
authenticated digital content request 
including one or more delivery parameters 
wherein said one or more delivery parameters 
is used to determine a oaid target device, 
said authenticated digital content request 
based at least in part on a digital content 
request comprising a request for digital 
content; 

validate said authenticated digital 
content request, said validating comprising 
indicating said authenticated digital content 
request is valid if said authenticated 
digital content request is validly associated 
with said digital content and if said 
authenticated digital content request 
authenticates said digital content request; 

determine a session key if said 
authenticated digital content request is 
valid, said determining comprising: 

determining a target key based at 
least in part on a target ID obtained 
using said one or more delivery 
parameters, said target ID identifying 
said target device; and 

applying a cryptographic process to 
a first key based at least in part on at 
least part of said authenticated digital 
content request together with said 
target key to create said session key; 
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encrypt said digital content using said 
session key; and 

send said encrypted digital content. 

85. (Original) The apparatus of claim 84 wherein said 
apparatus is further configured to determine said target key 
by: 

determining a master key; and 

applying a cryptographic process to said target ID 
together with said master key to create said target 
key. 

86. (Original) The apparatus of claim 85 wherein said 
apparatus is further configured to determine said master key 
based at least in part on said one or more delivery 
parameters . 
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